commit - 57ec3e776e0333167134b5b186f9c72870eb228d
commit + 31b3662c5484a7906c60f6eaedaec5fdd4adf444
blob - 38ecf0a9ba48826f53f043161ae9c89bd27d3715
blob + ad47822a9b871beab8e34e4ad26466b12203fa71
--- gg.1
+++ gg.1
.Nm
.Bk -words
.Op Fl 23bchNVv
+.Op Fl C Pa cert.pem Fl K Pa key.pem
.Op Fl H Ar hostname
.Ar IRI
.Ek
Use only TLSv1.3.
.It Fl b
Print only the body of the response.
+.It Fl C Pa cert.pem
+Load the client certificate, must be in PEM format.
.It Fl c
Print only the response code.
.It Fl H Ar hostname
The IRI hostname will still be used for the DNS resolution.
.It Fl h
Print only the response header.
+.It Fl K Pa key.pem
+Load the client certificate key, must be in PEM format.
.It Fl N
Don't check whether the peer certificate name matches the requested
hostname.
blob - 97fb71683db2443945279974d51dea3658516673
blob + eb5098ac5d9020814a5e072b48005558a51e7f5d
--- gg.c
+++ gg.c
#include "gmid.h"
int flag2, flag3, bflag, cflag, hflag, Nflag, Vflag, vflag;
+const char *cert, *key;
int
main(int argc, char **argv)
ssize_t len;
hostname = NULL;
- while ((ch = getopt(argc, argv, "23cbH:hNVv")) != -1) {
+ while ((ch = getopt(argc, argv, "23C:cbH:hK:NVv")) != -1) {
switch (ch) {
case '2':
flag2 = 1;
case 'b':
bflag = 1;
break;
+ case 'C':
+ cert = optarg;
+ break;
case 'c':
cflag = 1;
break;
case 'h':
hflag = 1;
break;
+ case 'K':
+ key = optarg;
+ break;
case 'N':
Nflag = 1;
break;
if (flag2 + flag3 > 1)
errx(1, "only -2 or -3 can be specified at the same time.");
+ if ((cert != NULL && key == NULL) || (cert == NULL && key != NULL))
+ errx(1, "missing certificate or key");
+
if (argc != 1)
errx(1, "missing IRI");
if (flag3 && tls_config_set_protocols(conf, TLS_PROTOCOL_TLSv1_3) == -1)
errx(1, "cannot set TLSv1.3");
+ if (cert != NULL && tls_config_set_keypair_file(conf, cert, key))
+ errx(1, "couldn't load cert: %s", cert);
+
if ((ctx = tls_client()) == NULL)
errx(1, "tls_client creation failed");